MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous embedded links, with a critical heuristic identifying it as a redirector link farm. One prominent URL, 'https://ttraff.com/pify?keyword=extraordinary+measures+video+worksheet+answers', is flagged as a known malicious redirector. The document body, though heavily obfuscated, contains references to this URL and appears to be generated by wkhtmltopdf, suggesting a programmatic creation for link distribution. The presence of many external PDF links further supports the SEO link farm hypothesis.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=extraordinary+measures+video+worksheet+answers
- https://cdn-cms.f-static.net/uploads/4408321/normal_5f94a0fde0e38.pdf
- https://cdn-cms.f-static.net/uploads/4417827/normal_5f95781f1ab1c.pdf
- https://lozugukavokukes.weebly.com/uploads/1/3/4/3/134357100/3711696.pdf
- https://cdn-cms.f-static.net/uploads/4368500/normal_5f8c3d74cf04a.pdf
- https://cdn-cms.f-static.net/uploads/4381788/normal_5f90d12932985.pdf
- https://cdn-cms.f-static.net/uploads/4379053/normal_5f927e1580349.pdf
- https://cdn-cms.f-static.net/uploads/4403537/normal_5f920a6e21f52.pdf
- https://cdn-cms.f-static.net/uploads/4366965/normal_5f88655999866.pdf
- https://moxitasa.weebly.com/uploads/1/3/1/4/131454719/3770932.pdf
- https://zewubonorow.weebly.com/uploads/1/3/1/3/131398185/napuzo.pdf
- https://cdn-cms.f-static.net/uploads/4383798/normal_5f98a1e52cac5.pdf
- https://cdn-cms.f-static.net/uploads/4374542/normal_5f8aabed766a9.pdf
- https://wimejevufafej.weebly.com/uploads/1/3/4/3/134379448/depilurumuvonit.pdf
- https://cdn-cms.f-static.net/uploads/4393779/normal_5f92008bd69cc.pdf
- https://cdn-cms.f-static.net/uploads/4367667/normal_5f88af7ca88be.pdf
- https://cdn-cms.f-static.net/uploads/4408589/normal_5f9268c32f287.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0478/2627/2415/files/shutterfly_upload_app_for_android.pdf
- https://cdn.shopify.com/s/files/1/0493/1030/2367/files/fury_warrior_bfa_guide_pve.pdf
- https://cdn.shopify.com/s/files/1/0502/8410/1804/files/pugosalitupepig.pdf
- https://cdn.shopify.com/s/files/1/0497/3766/2615/files/teaching_feeling_apk_android_2.0.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005efa.bin7d835210fdf488aa639145e274e59208774421a8d743e6762d3552633deaebd5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5EFA | 5260 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.